Title: Delegated Administration of a Hosted Resource 
Docket No, MS1-1684US 1 OF 3 

INVENTOR: GOCIMAN 




Title: Delegated Administration of a Hosted Resource 
Docket No. MSM684US 2 OF 3 

INVENTOR: GOCIMAN 



System Memory 134 



Application Programs/Modules 160 



Authorization Manager 
Module 


202 


Delegation Administration (DA) 
Module 


204 


Remote Client Web Site 
Administration Module 


206 




Execution Module 
(ExecutionMethod Method) 


208 


Authorized Process(es)/Command Line(s) 
(E.g., COM+, Etc.) 210 



I J 

Other Program Modules j62 G^'i- 





Program Data 


164 




IIS Metabase 


212 




Access Authorization Policy 
Store(s) 


214 



' < 

Deleaation Administration (DA) Confiauration 


File 


218 


(E.g., Method Definition(s), Parameter(s), 
Scope Mapping(s), Command Line 
Template(s), Log Data Format, Etc.) 


Registry 


220 


Log File 


224 


Other Data 


m Cr] 



J 




Authotization Manager 

API 

216 



API 

(E.g., API to Execute 
the Execution Module) 
222 



E.g., Hosted Web Site(s) and/ 
or Resourc(es), Web Server, 
Resource Configuration 
Module(s), Etc. 



2 



Authorization Manager Ul 
Data, Access Control List(s), 

Delegation Administration 
Dynamic Link Library (DLL), 
Command Line to Create an 

Authorized Process 210, 
Helper Scripts, Etc. 



Title: Delegated Administration of a Hosted Resource 
Docket No. MS1-1684US 3 OF 3 

INVENTOR: GOCIMAN 



302 



300 



308 



Specify, by an Administrative 
Entity, an Operation/Method 
such as Name, Scope, any 
Parameters, and so on. 



304 



Execute, by a User, an 
Application (E.g., a Remote 
Web Site Administration 
Application) Hosted by 
Service Provider. 



306 



Detect Request by User/ 
Hosted Application to 
Perform at Least an 
Operation on a Hosted 
Resource (E.g., a Hosted 
Web Page) 



Responsive to a User Request 
to Perform an Operation/ 
Method with respect to a 
Hosted Resource, Determine 
Whether the User is Authorized 
to Perform the 
Operation-Independent of 
Whether the User is a Member 
of an Administrators Group 



310 



I 



If User Does not Have 
Access to the Operation, 
Deny the User Access 



312 



I 



If the User is Granted 
Access to the Operation, 
Execute the Requested 
Operation via a Command 
Line or an Object (E.g., a 
COM Object) 



314 



I 



Log Requested Operation 

Results/Operating 
Parameters, and/or the like. 



